| शीर्षक | SourceCodester Online Boat Reservation System 1.0 Broken Access Control |
|---|
| विवरण | A Broken Access Control vulnerability exists in SourceCodester Online Boat Reservation System using PHP 1.0.
The application fails to properly enforce authorization checks on administrative endpoints. A low-privileged tourist user can directly access administrative functionality without administrator privileges.
An authenticated normal user can access sensitive administrative endpoints such as /boat/admin/index.php and /boat/admin/boatsupdate.php?editid=78 by directly browsing restricted URLs.
Furthermore, by manipulating the editid parameter, an attacker can modify boat information without proper authorization.
This vulnerability allows unauthorized users to perform privileged actions and tamper with application data. |
|---|
| स्रोत | ⚠️ https://medium.com/@hemantrajbhati5555/broken-access-control-in-sourcecodester-online-boat-reservation-system-1-0-4ed0380d2222 |
|---|
| उपयोगकर्ता | Hemant Raj Bhati (UID 95613) |
|---|
| सबमिशन | 15/05/2026 02:12 PM (26 दिन पहले) |
|---|
| संयम | 02/06/2026 05:44 PM (18 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 367962 [SourceCodester Online Boat Reservation System 1.0 Administrative Endpoint अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|